DH prime generation taking a long time
Simon Josefsson
simon at josefsson.org
Fri Oct 15 11:11:43 CEST 2010
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> On Thu, Oct 14, 2010 at 10:34 PM, Simon Josefsson <simon at josefsson.org> wrote:
>
>>> The nettle code shouldn't have caused multiple reads to /dev/*random. It
>>> reads 32 bytes on initialization from /dev/urandom and will read some
>>> more after few hours. Which test causes this delay?
>> Newly committed self-test tests/gendh.c triggers it too. Running strace
>> on it reveals it is calling time() a lot, which suggests it is spending
>> time in nettle/rnd.c. This is with GnuTLS built with Nettle as backend.
>
> But do these calls actually cause a/the delay or the prime generation?
Nope, false alarm. It is GMP operations that is taking time because of
#define PRIME_CHECK_PARAM 18
...
ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
Perhaps 18 is a too excessive number. Are there established
recommendations on what number of repetitions are considered sufficient
for crypto purposes? Maybe there should be...
/Simon
More information about the Gnutls-devel
mailing list